Compiler nerds: Am I reading this right — that in order to meet FIPS compliance, Google had to manually un-ASLRify and re-order BoringSSL assembler? https://github.com/google/boringssl/blob/master/crypto/fipsmodule/FIPS.md#integrity-test …
Replying to @kennwhite @4Dgifts
In this case, relocations refers to linking, not ASLR, which happens at runtime, not compile/link time. While it’s annoying to have to do this, at first glance I don’t see any obvious security issues.
Replying to @bicoastalddean @4Dgifts
Oh, I wasn't focused so much on the security trade-offs as the engineering wizardry.
Replying to @kennwhite @4Dgifts
There’s been a bunch of work on “reproducible builds” so you and I can build a program from the same source, with the same build tools, and get bit-for-bit matching binaries. It’s surprisingly complicated….
1 reply 0 retweets 1 like
I remember talking to the Debian guys on the RB project in the earlier days before they got support from the Linux Foundation. Thankless, but critical work.